Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-j3za-9wj7-vkd7
Summary
Exposure of Resource to Wrong Sphere
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability allows a sandboxed renderer to request a `thumbnail` image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one's app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it.
Aliases
0
alias CVE-2021-39184
1
alias GHSA-mpjm-v997-c4h4
Fixed_packages
0
url pkg:npm/electron@11.5.0
purl pkg:npm/electron@11.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@11.5.0
1
url pkg:npm/electron@12.1.0
purl pkg:npm/electron@12.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@12.1.0
2
url pkg:npm/electron@13.3.0
purl pkg:npm/electron@13.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@13.3.0
3
url pkg:npm/electron@15.1.0
purl pkg:npm/electron@15.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.1.0
Affected_packages
0
url pkg:npm/electron@10.1.0
purl pkg:npm/electron@10.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j3za-9wj7-vkd7
1
vulnerability VCID-p3vt-avbt-kyed
2
vulnerability VCID-xngs-29hg-7kh9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@10.1.0
1
url pkg:npm/electron@12.0.0
purl pkg:npm/electron@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j3za-9wj7-vkd7
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@12.0.0
2
url pkg:npm/electron@13.0.0
purl pkg:npm/electron@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j3za-9wj7-vkd7
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@13.0.0
3
url pkg:npm/electron@14.0.0
purl pkg:npm/electron@14.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j3za-9wj7-vkd7
1
vulnerability VCID-r9kq-n5sk-zqba
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@14.0.0
4
url pkg:npm/electron@15.0.0
purl pkg:npm/electron@15.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j3za-9wj7-vkd7
1
vulnerability VCID-r9kq-n5sk-zqba
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.0.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39184
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58877
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39184
1
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
2
reference_url https://github.com/electron/electron/pull/30728
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/30728
3
reference_url https://github.com/electron/electron/pull/30728/commits/8fed645bd671f359ee52d806c075ec4e07eda17f
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/30728/commits/8fed645bd671f359ee52d806c075ec4e07eda17f
4
reference_url https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39184
reference_id CVE-2021-39184
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39184
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 862
name Missing Authorization
description The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 668
name Exposure of Resource to Wrong Sphere
description The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-j3za-9wj7-vkd7